All Cisco-Network Study Notes<div>IT Certification CCIE, CCNP, CCIP, CCNA, CCSP, Cisco Network Optimization and Security Tips. Author: XaeRo (http://www.blogger.com/profile/13698840457366445479).</div><div><br /></div><div>Virtual LANs (VLAN) (posted 2011-11-09)</div><div><br /></div><div>VLANs provide the means to logically group several end stations with common sets of requirements. VLANs are independent of physical location, meaning that two end stations connected to different switches on different floors can belong to the same VLAN. Typically the logical grouping follows workgroup functions such as engineering or finance, but it can be customized.</div><div>With VLANs it is much easier to assign access rules and provision services to groups of users regardless of their physical location. For example, using VLANs you can give all members of a project team access to project files by virtue of their VLAN membership. This ability also makes it easier to add or delete users without rerunning cables or changing network addresses.</div><div>VLANs also create their own broadcast domains without the addition of Layer 3 devices: a broadcast sent by a member of one VLAN reaches only the other members of that VLAN, and traffic between two VLANs has to pass through a router or a Layer 3 switch.</div><div><br /></div><div>Frame Transmission Modes (posted 2011-11-09)</div><div><br /></div><div>Switches typically are Layer 2 devices (some switches now perform Layer 3 and higher functions). According to the OSI model, the data unit processed by a switch is called a frame. 
Switches must balance speed and accuracy (no errors) when processing frames, because typically they are measured on both attributes.</div><div>The three primary frame switching modes are as follows:</div><div>• Cut-through: Also known as fast-forward. The switch reads only the destination address (the first 6 bytes of the frame) and immediately begins forwarding. This minimizes latency, but because the frame check sequence (FCS) at the end of the frame is never examined, frames containing errors are forwarded as well.</div><div>• Store-and-forward: The switch waits to receive the entire frame before forwarding. The entire frame is read, and a cyclic redundancy check (CRC) is computed and compared with the FCS. If the CRC is bad, the frame is discarded. Although this method increases latency (the whole frame must be buffered before a decision is made), it prevents corrupted frames from being propagated, and most switches in use today operate this way.</div><div>• Fragment-free (modified cut-through): The switch reads the first 64 bytes before forwarding the frame. 64 bytes is the minimum legal Ethernet frame size, and on a correctly sized segment a collision is always detected within those first 64 bytes, so anything shorter is a collision fragment (a runt) and is dropped. Fragment-free therefore filters collision fragments but, like cut-through, still forwards frames with a bad FCS.</div><div><br /></div><div>Address Learning (posted 2011-11-09)</div><div><br /></div><div>A switch must learn the addresses of the devices attached to it. First it inspects the source address of all the traffic sent through it. Then it associates the port the traffic was received on with the MAC address listed. The following example illustrates this concept. (In the original figure, the MAC addresses are not in the correct format and are shown for clarity only.)</div><div>• Time 0: The switch shown has an empty MAC address table.</div><div>• Time 1: The device attached to port 2 sends a message intended for the device on port 0. 
This kicks off two actions within the switch. First, the switch now knows the address associated with the device on port 2, so it enters the information into its table. Second, because it does not have an association for the device the traffic is intended for (the computer on port 0), the switch floods the message out all ports except the one on which it was received.</div><div>• Time 2: The device on port 0 replies to the message. The switch associates the source address of the message with port 0.</div><div>Any future communications involving either of these end stations will not require these steps, because the switch now knows which ports they are associated with.</div><div>This process happens all the time in every switch. For most switches, when a table entry has reached a certain “age” and has not been referenced in a while, it is removed. This process is called aging out. Note that the table is built entirely from the source addresses the switch sees on the wire; nothing authenticates them, so an entry reflects whatever the last frame carrying that address claimed, and the same address is re-learned on another port as soon as it appears there.</div><div><br /></div><div><br /></div>Forwarding and Filtering (posted 2011-08-01)<br /><br />From a network efficiency standpoint, it is easy to see that it is much better for the network when the switch knows all the addresses on every port. However, it is not always practical to enter this information manually. As the network grows and changes are made, it becomes almost impossible to keep up.<br /><br />A switch always does something when it receives traffic. The preference is to send the traffic out the one port behind which the destination sits (forwarding), or to drop a frame whose destination is on the same port it arrived on (filtering), but this works only when the location of the intended destination is known. 
When the destination address is unknown, the switch forwards the traffic out every port except the one on which the traffic was received. This process is called flooding. Think of this as a guy calling every number in the phone book because he lost a woman’s number from the night before. A flooded frame reaches every station on the segment (or VLAN), so any of them can read it; that is the price of an unknown or aged-out entry.<br /><br />Broadcast and Collision Domains (posted 2011-08-01)<br /><br />From time to time, a device on the network will want to communicate with all other “local” devices at the same time. Typically, this occurs when a device wants to query the network for an IP address, when a device is newly added to a network, or when a change occurs in the network.<br /><br />A group of devices that receive all broadcast messages from members of that group is called a broadcast domain. Network broadcast domains typically are segmented with Layer 3 devices (routers). Think of a broadcast domain as like standing in your yard and yelling as loudly as you can. The neighbors who hear you are within your broadcast domain.
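<br /><br />The posts above (Frame Transmission Modes, Address Learning, Forwarding and Filtering, Broadcast and Collision Domains, and the VLAN post at the top) describe one mechanism from several angles, and the Switching Basics post further down restates the same learn/filter/flood rules. What follows is an added example written for this page, not code from the original posts or from any vendor: a toy Layer 2 switch in Python that applies all of those rules. Port numbers, VLAN numbers, the tiny table capacity and the aging time are assumptions chosen so the demo can exercise every branch; the MAC addresses and payloads are constructed test data; ports are modelled as access ports only (no trunks); and the frame builder appends an IEEE 802.3 style CRC-32 FCS (same polynomial as binascii.crc32, least-significant byte first) so the store-and-forward check has something to verify.

```python
# Added example (not from the original post): a toy Layer 2 switch that
# applies the frame transmission modes, address learning, forwarding,
# filtering, flooding, aging and per-VLAN broadcast domains described above.
# Port numbers, VLAN numbers, table capacity and aging time are assumptions
# for the demo; MAC addresses and payloads are constructed test data.
import binascii
import struct

BROADCAST = b"\xff" * 6
MIN_FRAME = 64                  # minimum legal Ethernet frame size, FCS included
ETHERTYPE_IPV4 = b"\x08\x00"    # arbitrary EtherType for the demo frames


def build_frame(dst: bytes, src: bytes, payload: bytes, corrupt: bool = False) -> bytes:
    """Ethernet II frame: dst, src, EtherType, payload, padding, FCS.

    The FCS is CRC-32 as in IEEE 802.3 (same polynomial and bit order as
    binascii.crc32), appended least-significant byte first.  With corrupt=True
    one bit of the padding is flipped after the FCS was computed, which is what
    a frame damaged on the wire looks like to the receiver.
    """
    body = dst + src + ETHERTYPE_IPV4 + payload
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))     # pad to minimum size
    fcs = struct.pack("<I", binascii.crc32(body) & 0xFFFFFFFF)
    if corrupt:
        body = body[:-1] + bytes([body[-1] ^ 0x01])
    return body + fcs


def fcs_ok(frame: bytes) -> bool:
    """Recompute the CRC-32 over everything but the trailing FCS and compare."""
    return struct.pack("<I", binascii.crc32(frame[:-4]) & 0xFFFFFFFF) == frame[-4:]


class Switch:
    """Learning switch: per-VLAN MAC table with aging and a capacity limit."""

    def __init__(self, port_vlans, mode="store-and-forward", max_entries=8, max_age=300):
        self.port_vlans = dict(port_vlans)  # access port -> VLAN (assumption: no trunk ports)
        self.mode = mode                    # "cut-through", "fragment-free" or "store-and-forward"
        self.max_entries = max_entries      # table capacity, kept tiny so the demo can fill it
        self.max_age = max_age              # seconds after which an unreferenced entry ages out
        self.table = {}                     # (vlan, mac) -> (port, last_seen)

    def _ingress_check(self, frame: bytes) -> bool:
        if self.mode == "cut-through":      # needs only the 6-byte destination; never sees the FCS
            return len(frame) >= 6
        if self.mode == "fragment-free":    # 64 bytes: a collision fragment is always shorter
            return len(frame) >= MIN_FRAME
        return len(frame) >= MIN_FRAME and fcs_ok(frame)   # store-and-forward: whole frame + CRC

    def _age_out(self, now: float) -> None:
        for key in [k for k, (_, seen) in self.table.items() if now - seen > self.max_age]:
            del self.table[key]

    def receive(self, port: int, frame: bytes, now: float = 0.0) -> tuple:
        """Process one frame arriving on `port`; return the tuple of egress ports."""
        if not self._ingress_check(frame):
            return ()                                   # dropped at ingress
        vlan = self.port_vlans[port]
        dst, src = frame[:6], frame[6:12]
        self._age_out(now)

        # Address learning: the source address is taken on trust, nothing
        # authenticates it, and a full table simply stops learning new ones.
        key = (vlan, src)
        if key in self.table or len(self.table) < self.max_entries:
            self.table[key] = (port, now)

        # Forwarding decision.
        entry = self.table.get((vlan, dst))
        if dst == BROADCAST or entry is None:
            # Flood inside the VLAN (its broadcast domain), never out the ingress port.
            return tuple(p for p, v in self.port_vlans.items() if v == vlan and p != port)
        out_port, _ = entry
        if out_port == port:
            return ()                                   # filtering: destination is already on that segment
        return (out_port,)                              # forwarding: exactly one known port


if __name__ == "__main__":
    a, b = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    sw = Switch({1: 10, 2: 10, 3: 10, 4: 20})
    print("unknown destination ->", sw.receive(1, build_frame(b, a, b"hello")))   # flood: (2, 3)
    print("reply, now learned  ->", sw.receive(2, build_frame(a, b, b"reply")))   # forward: (1,)
    print("known destination   ->", sw.receive(1, build_frame(b, a, b"again")))   # forward: (2,)
```

Two things worth noticing when you run it: with max_entries set small, any station the switch cannot fit into its table stays unknown and every frame sent to it is flooded to the whole VLAN, and after max_age seconds without traffic an entry disappears and the next frame to that station floods again. Both are the normal behaviour the posts describe; they are also why a host on the same VLAN can end up seeing traffic that was not addressed to it.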
<br /><br />What Problems Need to Be Solved? (posted 2011-08-01)<br /><br />• MAC address learning: Switches must learn about the network to make intelligent decisions. Because of the size and changing nature of networks, switches have learned how to discover network addresses and keep track of network changes. Switches do this by reading the address information contained in the frames flowing through the network, and they maintain private tables with that information.<br />• Forwarding and filtering: Switches must decide what to do with traffic. 
These decisions are based on the switch’s knowledge of the network.<br />• Segmenting end stations: Switches must also have mechanisms for segregating users into logical groupings (virtual LANs [VLAN] or broadcast domains) to allow efficient provisioning of service.<br /><br />Why Should I Care About Switching? (posted 2011-08-01)<br /><br />Advances in switching technology combined with a decrease in switch prices have made computer networks a common and increasingly important aspect of business today.<br /><br />Switches Take Over the World (posted 2011-08-01)<br /><br />As switches established themselves in networks, vendors added increasing functionality. Modern switches can make forwarding decisions based on Layer 3 routing, as well as on Layer 4 and above. Even though switches can perform the functions of other higher-layer devices such as routers and content switches, you still should separate these functions across devices in a design to avoid single points of failure. Switches are the workhorse of networks, providing functionality across almost all layers of the OSI model reliably and quickly. 
Switches can also provide power to devices such as IP-based phones over the same Ethernet connection (Power over Ethernet, PoE). Again, this applies to managed switches serving corporate networks rather than the typical unmanaged switch in a small office or home.<br /><br />Switching Ethernets (posted 2011-08-01)<br /><br />As switch Ethernet ports became less expensive, switches replaced hubs in the wiring closet. Initially, when switches were introduced, network administrators plugged hubs (containing multiple hosts) into switch ports. But eventually, it became cost-effective to plug the hosts directly into a switch port. This arrangement gives each host its own dedicated Ethernet and removes the possibility of collisions. Because a dedicated switch connection has only two devices (the switch and the host), you can configure an Ethernet switch port as full duplex. This means that a device can receive incoming traffic and transmit traffic simultaneously. End stations have considerably more bandwidth when they use switches. Ethernet runs at multiple speeds (10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps and beyond), so switches can provide connectivity at each of these speeds. However, network applications and the web create considerably more network traffic, reintroducing congestion problems. Switches can use quality of service (QoS) and other mechanisms to help manage the congestion.<br /><br />Switching Basics: It’s a Bridge (posted 2011-08-01)<br /><br />Network devices have one primary purpose: to pass network traffic from one segment to another. 
(There are exceptions, of course, such as network analyzers, which inspect traffic as it goes by.) With devices that independently make forwarding decisions, traffic can travel from its source to the destination. The higher up the OSI model a device operates, the deeper it looks into a packet to make a forwarding decision. Railroad-switching stations provide a similar example. The switches enable a train to enter the appropriate tracks (path) that take it to its final destination. If the switches are set wrong, a train can end up traveling to the wrong destination or traveling in a circle.<br /><br />Switching technology emerged as the replacement for bridging. Switches provide all the features of traditional bridging and more. Compared to bridges, switches provide superior throughput performance, higher port density, and lower per-port cost.<br />The different types of bridging include the following:<br />• Transparent bridging primarily occurs in Ethernet networks.<br />• Source-route bridging occurs in Token Ring networks.<br />• Translational bridging occurs between different media. For example, a translational bridge might connect a Token Ring network to an Ethernet network.<br />Bridging and switching occur at the data link layer (Layer 2 in the OSI model), which means that bridges control data flow, provide transmission error handling, and enable access to physical media. Basic bridging is not complicated: A bridge or switch analyzes an incoming frame, determines where to forward the frame based on the frame’s header information (which contains the source and destination addresses), and forwards the frame toward its destination. With transparent bridging, forwarding decisions happen one hop (or network segment) at a time. 
With source-route bridging, the frame contains a predetermined path to the destination.<br />Bridges and switches divide networks into smaller, self-contained units. Because only a portion of the traffic is forwarded, bridging reduces the overall traffic that devices see on each connected network. The bridge acts as a kind of firewall in that it prevents frame-level errors from propagating from one segment to another. Bridges also accommodate communication among more devices than are supported on a single segment or ring.<br />Bridges and switches essentially extend the effective length of a LAN, permitting more workstations to communicate with each other within a single broadcast domain. The primary difference between switches and bridges is that bridges segment a LAN into a few smaller segments. Switches, through their increased port density and speed, permit segmentation on a much larger scale. Modern-day switches used in corporate networks have hundreds of ports per chassis (unlike the four-port box connected to your cable modem).<br /><br />Additionally, modern-day switches interconnect LAN segments operating at different speeds.<br />Switching describes technologies that are an extension of traditional bridges. Switches connect two or more LAN segments and make forwarding decisions about whether to transmit frames from one segment to another. When a frame arrives, the switch inspects the destination and source Media Access Control (MAC) addresses in the frame. (This is an example of store-and-forward switching.) The switch places an entry in a table indicating that the source MAC address is located off the switch interface on which the frame arrived. The switch then consults the same table for an entry for the destination MAC address. 
If it has an entry for the destination MAC address, and the entry indicates that the MAC address is located on a different port from the one on which the frame was received, the switch forwards the frame out the specified port. If the switch table indicates that the destination MAC address is located on the same interface on which the frame was just received, the switch does not forward the frame; why send it back onto the network segment from which it came? This decision (filtering) is where a switch reduces network congestion. Finally, if the destination MAC address is not in the switch’s table, the switch has not yet seen a frame sent by that MAC address, so it cannot know where the station is. In this case, the switch forwards the frame out all other ports (called flooding) except the one on which the frame was received.<br />At their core, switches are multiport bridges. However, switches have radically matured into intelligent devices, replacing both bridges and hubs. Switches not only reduce traffic through the use of bridge tables, but also offer new functionality that supports high-speed connections, virtual LANs, and even traditional routing.<br /><br />Fast Computers Need Faster Networks (posted 2011-08-01)<br /><br />The PC emerged as the most common desktop computer in the 1980s. LANs emerged as a way to network PCs in a common location. Networking technologies such as Token Ring and Ethernet allowed users to share resources such as printers and exchange files with each other. As originally defined, Ethernet and Token Ring provided network access to multiple devices on the same network segment or ring. 
These LAN technologies have inherent limitations as to how many devices can connect to a single segment, as well as the physical distance between computers. Desktop computers got faster, the number of computers grew, operating systems began multitasking (allowing multiple tasks to operate at the same time), and applications became more network-centric. All these advancements resulted in congestion on LANs.<br />To address these issues, two device types emerged: repeaters and bridges.<br />Repeaters are simple Open Systems Interconnection (OSI) Layer 1 devices that allow networks to extend beyond their defined physical distances (for twisted-pair Ethernet, about 100 meters per segment without the use of a repeater).<br />Bridges are OSI Layer 2 devices that physically split a segment into two and reduce the amount of traffic on either side of the bridge. This setup allows more devices to connect to the LAN and reduces congestion. LAN switches emerged as a natural extension of bridging, revolutionizing the concept of local-area networking.<br /><br />What They Gave Away (posted 2011-08-01)<br /><br />In the 1970s Xerox Corporation assembled a group of talented researchers to investigate new technologies. 
The new group was located in the newly opened Palo Alto Research Center (PARC), well away from the corporate headquarters in Connecticut.<br />In addition to developing Ethernet, the brilliant folks at PARC invented the technology for what eventually became the personal computer (PC), the graphical user interface (GUI), laser printing, and very-large-scale integration (VLSI).<br />Inexplicably, Xerox Corporation failed to recognize the brilliance (and commercial viability) of many of these homegrown innovations and let them walk out the door.<br />To give you an idea of what this cost Xerox in terms of opportunity, the worldwide budget for Ethernet equipment was more than $7 billion in 2006 and was expected to grow to more than $10 billion by 2009. Just imagine if a single company owned the assets of Apple, Intel, Cisco, HP, and Microsoft. There almost was such a company. Its name is Xerox.<br />At-a-Glance: Ethernet<br /><br />LAN Routers (posted 2011-08-01)<br /><br />LAN-based routers greatly extend the speed, distance, and intelligence of Ethernet LANs. Routers also allow traffic to be sent along multiple paths. Routers, however, require a common protocol between the router and end stations.<br /><br />Switched Ethernet (posted 2011-08-01)<br /><br />A LAN switch can be thought of as a high-speed, multiport bridge with a brain. Switches don’t just allow each end station to have a dedicated port (meaning that no collisions occur). 
They also allow end stations to transmit and receive at the same time (using full duplex), greatly increasing the LAN’s efficiency.<br /><br />Bridges (posted 2011-08-01)<br /><br />Bridges are simple Layer 2 devices that create new segments, resulting in fewer collisions. Bridges must learn the addresses of the computers on each segment to avoid forwarding traffic to the wrong port. Unlike hubs, which are usually used for networks with a small number of end stations (4 to 8), bridges can handle much larger networks with dozens of end stations.<br /><br />Repeaters (posted 2011-08-01)<br /><br />Repeaters simply extend the transmission distance of an Ethernet segment. They regenerate the signal at Layer 1 and do not split the collision domain: everything on both sides of a repeater still shares one segment.<br /><br />Hubs (posted 2011-08-01)<br /><br />Hubs enable you to add and remove computers without disabling the network, but they do not create additional collision domains.<br /><br />Ethernet Segments (posted 2011-08-01)<br /><br />A segment is the simplest form of network, in which all devices are directly connected. 
In this type of arrangement (a shared bus such as coaxial Ethernet), if any of the computers gets disconnected, or if one is added, the segment is disabled while the cable is opened.<br /><br />Increasing Bandwidth (posted 2011-08-01)<br /><br />In addition to creating additional segments to increase available bandwidth, you can use a faster medium such as optical fiber or Gigabit Ethernet. Although these technologies are faster, as long as they are used as a shared (half-duplex) medium, collision domains will still exist and will eventually experience the same problems as slower 
media.<br /><br />Smaller Segments (posted 2011-07-24)<br /><br />Segments can be divided to reduce the number of users and increase the bandwidth available to each user in the segment. Each new segment created results in a new collision domain. Traffic from one segment or collision domain does not interfere with other segments, thereby increasing the available bandwidth of each segment. In the figure on the original sheet (not reproduced here), each segment has greater bandwidth, but all segments are still on a common backbone and must share the available bandwidth. This approach works best when care is taken to make sure that the largest users of bandwidth are placed in separate segments.<br />There are a few basic methods for segmenting an Ethernet LAN into more collision domains:<br />• Use bridges to split collision domains.<br />• Use switches to provide dedicated domains to each host.<br />• Use routers to route traffic between domains (and to not route traffic that does not matter to the other domain).<br />This sheet discusses segmenting using bridges and routers (switching is covered in the next chapter).<br /><br />Ethernet Collisions (posted 2011-07-24)<br /><br />In a traditional LAN, several users would all share the same port on a network device and would compete for resources (bandwidth). The main limitation of such a setup is that only one device can transmit at a time. 
Segments that share resources in this manner are called collision domains, because if two or more devices transmit at the same time, the information “collides,” and both end points must resend their information (at different times). Typically the devices both wait a random amount of time before attempting to retransmit (Ethernet’s truncated binary exponential backoff). This method works well for a small number of users on a segment, each having relatively low bandwidth requirements. As the number of users increases, the efficiency of collision domains decreases sharply, to the point where overhead traffic (management and control) clogs the network.<br /><br />What Problems Need to Be Solved? (posted 2011-07-24)<br /><br />Ethernet is a shared resource in which end stations (computers, servers, and so on) all have access to the transmission medium at the same time. The result is that only one device can send information at a time. Given this limitation, two viable solutions exist:<br />• Use a sharing mechanism: If all end stations are forced to share a common wire, rules must exist to ensure that each end station waits its turn before transmitting. In the event of simultaneous transmissions, rules must exist for retransmitting.<br /><br />• Divide the shared segments, and insulate them: Another solution to the limitations of shared resources is to use devices that reduce the number of end stations sharing a resource at any given time.
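<br /><br />The Smaller Segments, Hubs, Repeaters, Bridges, Switched Ethernet and Broadcast and Collision Domains posts above together give the rules for which devices split which kind of domain. The following is an added example written for this page (not code from the original posts) that applies those rules to a LAN described as a list of cables, so you can count collision domains and broadcast domains the way a CCNA exercise asks for it. Hubs and repeaters join everything attached to them into one collision domain; bridges and switches terminate collision domains but forward broadcasts, so every port is its own collision domain while both sides stay in one broadcast domain; routers terminate both. A switch port's access VLAN is modelled as well, because, as the VLAN post at the top says, VLANs create separate broadcast domains without a Layer 3 device. The device names, the topology and the VLAN assignment are constructed for the demo; the `_UnionFind` helper and the `vlans` argument are this example's own.

```python
# Added example (not from the original posts): count the collision domains and
# broadcast domains of a small LAN given as a list of cables (links), using the
# rules from the Smaller Segments, Hubs, Repeaters, Bridges and Broadcast and
# Collision Domains posts.  Device names, the topology and the VLAN
# assignment are constructed for the demo.
from collections import defaultdict

# Device types that join the links attached to them into one domain.
COLLISION_JOINERS = {"hub", "repeater"}                       # Layer 1: no segmentation
BROADCAST_JOINERS = {"hub", "repeater", "bridge", "switch"}   # Layer 2: forwards broadcasts
# Hosts forward nothing, and routers (Layer 3) terminate both kinds of domain.


class _UnionFind:
    """Minimal disjoint-set structure over hashable items (links here)."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]   # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

    def groups(self):
        members = defaultdict(set)
        for x in list(self.parent):
            members[self.find(x)].add(x)
        return sorted(sorted(g) for g in members.values())


def _domains(devices, links, joiners, vlans=None):
    """Every link starts as its own domain; joining devices merge their links.

    `vlans` maps a link to the access VLAN of the switch port it plugs into
    (default VLAN 1).  A switch merges only links in the same VLAN, which is
    how VLANs create separate broadcast domains without a Layer 3 device.
    """
    vlans = vlans or {}
    uf = _UnionFind()
    attached = defaultdict(list)
    for link in links:
        uf.find(link)                       # register isolated links too
        for name in link:
            attached[name].append(link)
    for name, its_links in attached.items():
        kind = devices[name]
        if kind not in joiners:
            continue
        buckets = defaultdict(list)         # VLAN-aware devices keep VLANs apart
        for link in its_links:
            buckets[vlans.get(link, 1) if kind == "switch" else None].append(link)
        for group in buckets.values():
            for other in group[1:]:
                uf.union(group[0], other)
    return uf.groups()


def collision_domains(devices, links):
    return _domains(devices, links, COLLISION_JOINERS)


def broadcast_domains(devices, links, vlans=None):
    return _domains(devices, links, BROADCAST_JOINERS, vlans)


# Constructed topology: two PCs on a hub behind a switch port, two PCs on
# their own switch ports, a router, and a second switch with two PCs.
DEVICES = {"pc1": "host", "pc2": "host", "pc3": "host", "pc4": "host",
           "pc5": "host", "pc6": "host", "hub1": "hub",
           "sw1": "switch", "r1": "router", "sw2": "switch"}
LINKS = [("pc1", "hub1"), ("pc2", "hub1"), ("hub1", "sw1"), ("pc3", "sw1"),
         ("pc4", "sw1"), ("sw1", "r1"), ("r1", "sw2"), ("pc5", "sw2"), ("pc6", "sw2")]

if __name__ == "__main__":
    print(len(collision_domains(DEVICES, LINKS)), "collision domains")          # 7
    print(len(broadcast_domains(DEVICES, LINKS)), "broadcast domains")          # 2
    print(len(broadcast_domains(DEVICES, LINKS, {("pc4", "sw1"): 20})), "with pc4 in VLAN 20")  # 3
```

The broadcast-domain count is the one that matters for the earlier posts on flooding and broadcasts: every station inside a broadcast domain receives the ARP, DHCP and flooded unicast frames of every other station in it, whatever the switch's port density. Swapping sw1 for a hub in DEVICES shows the other direction: the collision domains behind it collapse back into one shared segment.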